Posted
by
timothy
on Thursday April 10, 2014 @10:26AM
from the picked-the-wrong-guys dept.

itwbennett (1594911) writes "When Jose Vildoza's father became the victim of ransomware, he launched his own investigation. Diving into CryptoDefense's code, he found its developers had made a crucial mistake: CryptoDefense used Microsoft's Data Protection API (application programming interface), a tool in the Windows operating system to encrypt a user's data, which stored a copy of the encryption keys on the affected computer. Vildoza and researcher Fabian Wosar of the Austrian security company Emsisoft collaborated on a utility called the Emsisoft Decrypter that could recover the encrypted keys. In mid-March Vildoza had launched a blog chronicling his investigation, purposely not revealing the mistake CryptoDefense's authors had made. But Symantec then published a blog post on March 31 detailing the error."

Because javascript can be used to do way too many annoying things. Like websites which think they can disable my right click (so I can use the back button) because they think I'm going to steal their images.

Yeah, it would've been much harder for the attackers to reverse his utility right? Anything that monitors file accesses would've seen what files it was accessing. I don't disagree the AV company made a mistake because they wanted publicity but I don't think what they did was as significant as you might think.

I've spent years trying to dissuade people from using (old) Excel's password "protection" due to the false sense of security. That Win API has the same effect—convinces the masses they're employing secure means when in fact they're not.

I think recent events have shown that relying on security of any kind leads to a false sense of security (examples: NSA backdoors, OpenSSL bugs, WEP vunerabilities, etc). We'd all be much safer if we simply assumed there was no such thing as security.

Because, if you publicize how you caught their error, they can fix it.

Exactly. They publicized the methods solely for marketing purposes -- so they could write a "ME TO" article, showing how their "researchers" are "On top" of security, and stealing thunder from the developer of the free Decryption software.

Because we're big Symantec, and we can't have third parties scooping us on antimalware techniques.

It also helps their product by making sure the authors of ransomware learn from mistakes,
so future ransomware is more robust, AND therefore, users will have greater damage by ransomware in the future, increasing the demand for Symantec's products.